Monthly Archives: February 2013

Android smartphones offer much in the way of choice and innovation. But the phones also have some serious security problems that need to be dealt with.

Here are a few tips on how to keep out intruders on your smartphone:

Make sure you tweak your internet security settings so intruders can’t steal private details, such as banking or work information. Access the settings to turn off pop-ups for a start.

Don’t download apps that aren’t from well-known or reputable brands. Google has already had to delete apps remotely from users’ phones because of malware – don’t let that happen to you.

Location-based apps are great, but they can also be a little uncomfortable for some users. Turn off location-based features to save yourself both some battery and the worry of being watched.

Lock your screen. If you lose your phone, make it harder for someone to crack into it – keep a lock on your screen with a code only you know.

Don’t underestimate the power in your hand
When it comes to your smartphone, you don’t always know the power you’re holding. Your phone is basically a computer, and it has the same limitations and weaknesses as any other computer. Take the same basic precautions you would use with a Windows PC — which means, first of all, installing anti-virus software.

Be careful where you get your apps
Stu Sjouwerman, founder of KnowBe4, a private security firm in Clearwater, Fla., says every Android user needs to be cautious about downloading and installing apps.

“Not all apps are friendly or safe. Some apps are evil,” Sjouwerman said. “Make sure you check out apps carefully before you install them on your phone or tablet. Also, be careful downloading free games for your phone.”

Don’t answer text messages from unfamiliar numbers
Text messages from unknown entities are best deleted, not answered. Otherwise, you might end up with malware.

Back up your data and add a remote-wipe feature
“God forbid your device has been lost or stolen, what should you do? What if the thief attempts to gain access to those embarrassing pictures of you?” Powers said. “No need to panic — there’s an easy fix.

“By adding a remote-wipe feature, you can erase those humiliating pictures (and all other data) remotely before the phone thief gets his grubby hands on them,” Powers said. “Unlike Apple devices such as the iPhone or iPad, Android devices do not natively incorporate features such as Remote Wipe and Backup.

Set your passcode or pattern lock
Use a passcode or pattern lock to protect your phone. If you’re choosing a numerical passcode, use more than the minimum four digits. Instead, use something long and complicated and you will be rewarded with greater security. As always, choose your passcode or pattern wisely.

Encrypt your data
Using encryption to keep data secure is an essential part of using any machine. By adding encryption, you give your data security a fighting chance.

“Encryption is known as the translation of data into a secret code. Before data may be accessed, a key or password must be entered,” Powers said. “For the sake of your data, it is extremely important to enable disk encryption.

“Enable data encryption by tapping Settings -> Security -> Enable Encryption. By enabling this option, you make it difficult for someone to pull readable data from your phone if the device is lost or stolen.”

Don’t do business on your phone
“Under no circumstances do any financial transactions on your phone,” Sjouwerman said. “Your credit-card data will travel over the air and can be compromised.”

It may be more convenient to use your phone, but it’s better to be safe than sorry when it comes to your credit-card numbers and bank accounts.

Update your phone’s software as often as possible
“Many ask themselves, ‘Why should I update my device?’ The answer is quite simple: By keeping your operating system up-to-date, you will reduce the risk of security vulnerabilities,” said Sabrina M. Powers of SecureState, an information-security provider in Cleveland.

“Your Android device will usually prompt you when an update is available. Most Android updates are carried out ‘over-the-air.’ Therefore, it’s crucial that you are first hooked up to either your mobile network or Wi-Fi before initiating the update,” Powers said. “To check for updates, go to Settings -> System Updates -> Firmware Update.”

Keep your anti-virus software updated:
It’s good practice to keep your anti-virus software up to date with the latest updates. Always running up-to-date anti-virus software can help provide the first alert if your system has been compromised while connected to an unsecured network. An alert will be displayed if any known viruses are loaded onto your PC or if there’s any suspicious behavior, such as modifications to registry files. While running anti-virus software might not catch all unauthorized activity, it’s a great way to protect against most attacks.

Always turn on your firewall:
It’s good practice to keep your firewall on at all times; it helps protect your computer. Most OSes include a built-in firewall, which monitors incoming and outgoing connections. A firewall won’t provide complete protection, but it’s a setting that should always be enabled. On a Windows notebook, locate your firewall settings in the Control Panel under System And Security. Click on Windows Firewall, then click Turn Windows Firewall On or Off. Enter your administrator password, then verify that the Windows Firewall is on. On a Mac, these settings are in System Preferences under Security & Privacy. Navigate to the Firewall tab and click Turn On Firewall. If these settings are grayed out, click the padlock icon in the lower left, enter your password, then follow these steps again.

Protect your passwords:
Using unique passwords for different accounts can help if one of your accounts is compromised. Keeping track of multiple secure passwords can be tricky, so using a password manager such as KeePass or LastPass can help keep you safe and secure. Both KeePass and LastPass are free, but they store your information in different ways. KeePass keeps an encrypted database file on your computer, while LastPass stores your credentials in the cloud. There are pros and cons to each approach, but both services are completely secure.

Confirm the network name:
Sometimes hackers will set up a fake Wi-Fi network to attract unwitting public Wi-Fi users. The Starbucks public Wi-Fi network might not be named “Free Starbucks Wi-Fi.” Connecting to a fake network could put your device into the hands of a malicious ne’er-do-well. If you’re not sure if you’re connecting to the official network, ask. If you’re in a café or coffee shop, employees will know the name of the official network and help you get connected. If there’s no one around to ask, you may want to move to a different location where you can be sure that the Wi-Fi network isn’t fake.

Use two-factor authentication:
Two-factor authentication means you need two pieces of information to log into an account: One is something you know and the other is something you have. Most often this takes the form of a password and a code sent to your cellphone.

Many popular websites and services support two-factor authentication. This means that even if someone is able to get your password due to a hole in a public Wi-Fi network, they won’t be able to log into your account.

To enable this feature for Gmail, log into your account and open the settings page. Navigate to the Accounts And Import tab and click Other Google Account Settings. The second section will be two-step verification, and you can click Settings to start.

First, enter your phone number and choose whether you’d like a text message or a phone call. Next, Google will send a six-digit code to your phone. Enter this when prompted. Now, whenever you log into Google from a new computer, you’ll be asked to verify your identity by entering both pieces of info.

The login process will now take a few extra seconds when you use a different device, but you can rest peacefully knowing that your account is safe and secure.

Turn off sharing:
If you use a laptop, you might have it set to share files and folders with other computers at work or home. You don’t want these settings on when you’re using a public network. Windows Vista, 7 and 8 make it simple to automate your sharing settings. When connecting to a public hotspot for the first time, Windows asks for a location type. Make sure you set it to “public.” This will automatically modify sharing settings for maximum safety.
On a Mac, go to System Preferences > Sharing and make sure all the sharing boxes are unchecked. You’ll have to turn on the controls again when you want to share files on your home or work network.

Don’t automatically connect to Wi-Fi networks:
It’s handy when your smartphone, tablet and laptop automatically connect to your home and work networks, but that can lead to trouble when you’re out and about. Hackers often give their rogue hotspots generic names such as Coffee Shop, Linksys or AT&T Wireless. You want to be certain you are connecting to the router of the business.
Tweak your gadgets’ settings so you have to manually join networks in public. Then verify with a store employee that you are connecting to the correct network.
You might think that an establishment with password-protected Wi-Fi is safer, but that’s not the case. Passwords are good for keeping people out of your home network, but for public networks, anyone can join. Once a hacker is on, your gadgets are accessible.

Use HTTPS:
Regular websites transfer content in plain text, making it an easy target for anyone who has hacked into your network connection. Many websites use HTTPS to encrypt the transfer data, but you shouldn’t rely on the website or Web service to keep you protected.

You can create this encrypted connection with the browser extension HTTPS Everywhere. With this plugin enabled, almost all website connections are secured with HTTPS, ensuring that any data transfer is safe from prying eyes.

Get a VPN
The most secure way to browse on a public network is to use a virtual private network. A VPN routes your traffic through a secure network even on public Wi-Fi, giving you all the perks of your private network while still having the freedom of public Wi-Fi.

While free VPN services exist, a paid VPN service guarantees the connection’s integrity. If you regularly connect to unknown networks, setting up a VPN is smart to protect your personal information.

One VPN provider is Private Internet Access, which costs $6.95 monthly and allows for unlimited bandwidth and multiple exit points, which will let you choose which country your network traffic is routed through.

According to recent reports on many websites, Adobe and Oracle have pushed out patches for critical flaws found in ubiquitous programs that many consumers use but may not even know exist.

Adobe’s latest update, released yesterday (i.e., Feb. 20), patches a hole found last week that affected Acrobat, Reader and Reader browser plug-ins. The flaw let some attackers crash computers and remotely run malware on both Windows and Mac OS X machines.

When it works, sandboxing is an effective way of isolating an application’s processes from the rest of a computer’s infrastructure in the event that the file the application opens contains unfriendly code.

Before the patch, Adobe had categorized the flaw as highly critical and told customers to run Reader and Acrobat in “Protected View” mode to mitigate their risk. Protected View is read-only and does not allow execution of files until the user gives approval.

Coming on the heels of the announcement of several high-profile Java-based attacks against Twitter, Facebook and Apple — and perhaps dozens of other companies — Oracle’s latest patch for Java, released Tuesday (Feb. 19), may be anticlimactic.

The Twitter, Facebook and Apple attacks all took place in January and were the result of Java flaws that were patched by Feb. 1. This week’s patches are still rated critical, however, which means they should be implemented right away.

Apple has a love-hate relationship with Java. The computer maker once insisted on doing its own Java updates, but then got into trouble last year when it didn’t update it fast enough and 600,000 Macs were infected as a result.

Then Apple decided to stop including Java in stock installations of Mac OS X, which protected Mac users from Java flaws unless they downloaded it from Oracle.

Apple’s latest software update entirely disables its own version of Java from Web browsers, sending all Apple users to Oracle if they want the browser plug-ins.

Unless you’re a software developer or you do a lot of Web-based conferencing, there probably aren’t a lot of good reasons to keep Java running in your browser. Many security experts recommend turning it off.

After Oracle Took Java
For the last year or so, Java seems to have spawned a never-ending flow of security bugs, partly because of the software environment’s invisibility to end users and partly because of the system access it allows.

In January alone, two different Java vulnerabilities were attacked by widespread browser exploit kits. At least one of those Java flaws led to the recently disclosed network penetrations of Apple, Facebook and Microsoft, and may also have been involved in the compromise of 250,000 Twitter accounts.

Because of these dangers, many security experts recommend that users disable Java browser plug-ins as necessary, or even take the more drastic step of uninstalling the underlying Java Runtime Environment (JRE) entirely.

Those recommendations definitely make sense for many users, but they are not blanket solutions for all users with Java installed on their machines.
The problem is that Java, in one form or another, is still used for a lot of things that people want and need to do. It might be an essential element of running programs that you never considered.

If, for example, you are one of the millions of people who enjoy playing Minecraft or RuneScape, you’ll need Java installed on your machine. If you play “World of Warcraft,” getting rid of Java might leave you without the use of the game’s launcher.

If you’re a creative professional, Adobe’s Creative Suite, which includes applications such as Photoshop, Illustrator and Premiere, relies on Java to exchange information among applications. If you’re a user of free office software like OpenOffice and LibreOffice, both programs use Java.

None of those applications normally access websites, so leaving Java installed on your computer while disabling it in your Web browsers will let you use those pieces of software while minimizing your exposure to malware.

Unfortunately, that isn’t possible with many web-facing business applications that absolutely require that Java plug-ins be active in a browser, such as web-conferencing software like Citrix’s GoToMeeting or Cisco’s WebEx.

Twice the Fun

End users may want to try a “double browser” strategy.

“If you do rely on websites that require Java, consider installing a second browser and turning Java on in that browser only,” said Richard Wang, senior security manager at the British anti-virus firm Sophos. “Use it for your Java-based websites only, and stick to your Java-disabled main browser for everything else.”

For businesses, people who work at home or anyone with an abundance of sensitive data to protect, a beefier version of this strategy can keep Java security problems from becoming system-wide issues.

“You should make a list of all the tools you use on a regular basis and that require Java. Then, run these tools in a virtual machine or other isolated environment,” said Tim Erlin, director of IT security and risk strategy for San Francisco’s nCircle, referring to software-based computer emulators that essentially “live” inside other computers.

“If you find that you need Java for many of your routine tasks,” Erlin said, “it might be time to consider evaluating alternate tools that don’t require Java.”

Will these strategies be a silver bullet that will protect you from all of the security problems that have been plaguing Java on the Web? No, but in IT security there are no guarantees. You can only mitigate your risks and take reasonable precautions.

After all, Java is not the only browser plug-in that can be exploited to install malicious code. If you uninstalled or disabled every possible risk, then the Web would lose the majority of its functionality.

Practical security is about playing the odds and getting the best possible protection without putting everything on lockdown.

This morning I was visiting my Facebook page on my mobile when one of my friends buzzed me and asked, “Do you know ZendStudio 10?” I thought maybe he was asking about Zend Framework and replied, “Yes, I know, I am using it for my current app development.” He replied, “How about cloud computing with Zend?” I was immediately struck, and it made me think more. That is the reason I took this topic for today. Let’s get into it.

What is Cloud Computing?

As per Wiki: Cloud computing is the use of computing resources (hardware and software) that are delivered as a service over a network (typically the Internet). The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user’s data, software and computation.

Cloud computing is the next stage in the Internet’s evolution, providing the means through which everything — from computing power to computing infrastructure, applications, business processes to personal collaboration — can be delivered to you as a service wherever and whenever you need.

The “cloud” in cloud computing can be defined as the set of hardware, networks, storage, services, and interfaces that combine to deliver aspects of computing as a service. Cloud services include the delivery of software, infrastructure, and storage over the Internet (either as separate components or a complete platform) based on user demand. (See Cloud Computing Models for the lowdown on the way clouds are used.)

Cloud computing has four essential characteristics: elasticity and the ability to scale up and down, self-service provisioning and automatic deprovisioning, application programming interfaces (APIs), billing and metering of service usage in a pay-as-you-go model. (Cloud Computing Characteristics discusses these elements in detail.) This flexibility is what is attracting individuals and businesses to move to the cloud.

Cloud computing is all the rage. “It’s become the phrase du jour,” says Gartner senior analyst Ben Pring, echoing many of his peers. The problem is that (as with Web 2.0) everyone seems to have a different definition.

As a metaphor for the Internet, “the cloud” is a familiar cliché, but when combined with “computing,” the meaning gets bigger and fuzzier. Some analysts and vendors define cloud computing narrowly as an updated version of utility computing: basically virtual servers available over the Internet. Others go very broad, arguing anything you consume outside the firewall is “in the cloud,” including conventional outsourcing.

There are many types of public cloud computing:

Infrastructure as a service (IaaS)

Platform as a service (PaaS)

Software as a service (SaaS)

Network as a service (NaaS)

Storage as a service (STaaS)

Security as a service (SECaaS)

Data as a service (DaaS)

Desktop as a service (DaaS – see above)

Database as a service (DBaaS)

Test environment as a service (TEaaS)

API as a service (APIaaS)

Backend as a service (BaaS)

Integrated development environment as a service (IDEaaS)

Integration platform as a service (IPaaS), see Cloud-based integration

In the business model using software as a service, users are provided access to application software and databases. The cloud providers manage the infrastructure and platforms on which the applications run. SaaS is sometimes referred to as “on-demand software” and is usually priced on a pay-per-use basis. SaaS providers generally price applications using a subscription fee.
Proponents claim that SaaS gives a business the potential to reduce IT operational costs by outsourcing hardware and software maintenance and support to the cloud provider. This enables the business to reallocate IT operations costs away from hardware/software spending and personnel expenses, towards meeting other IT goals. In addition, with applications hosted centrally, updates can be released without the need for users to install new software. One drawback of SaaS is that the users’ data are stored on the cloud provider’s server. As a result, there could be unauthorized access to the data.

End users access cloud-based applications through a web browser or a light-weight desktop or mobile app while the business software and user’s data are stored on servers at a remote location. Proponents claim that cloud computing allows enterprises to get their applications up and running faster, with improved manageability and less maintenance, and enables IT to more rapidly adjust resources to meet fluctuating and unpredictable business demand.
Cloud computing relies on sharing of resources to achieve coherence and economies of scale similar to a utility (like the electricity grid) over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services.